Non-bank Residential Mortgage Lenders and Originators (RMLOs) have only recently been added to the Anti-Money Laundering requirements of the Bank Secrecy Act. They were initially exempted when the USA PATRIOT Act expanded the requirements in 2002.

But with the growth of mortgage fraud, the Financial Crimes Enforcement Network (FinCEN) has removed the exemption, calling mortgage fraud "one of the most significant operational risks" facing RMLOs.  "Residential mortgage lenders and originators are primary providers of mortgage finance – in most cases dealing directly with the consumer – and are in a unique position to assess and identify money laundering risks and fraud."

Now, like other financial institutions, RMLOs are required to have a comprehensive Anti-Money Laundering program and file Suspicious Activity Reports (SARs) on transactions that could indicate criminal activity. A "residential mortgage originator" is defined as “a person who accepts a residential mortgage application or offers or negotiates terms of a residential mortgage loan.” Included under the requirements are "mortgage companies," "mortgage bankers or lenders," and "mortgage brokers." 

RMLOs are required to have compliance programs that meet the "four pillars" of Anti-Money Laundering:

1. Written policies and procedures
2. An AML compliance officer
3. An appropriate training program
4. Independent testing

As with other financial institutions, the first step for an RMLO in creating an effective AML program is conducting a well-documented risk assessment (See Best Practice #1.)  The risk assessment – based on the individual institution's customers, products and services, and geographies – creates the foundation for the compliance program.

RMLOs are subject to stiff criminal and civil penalties for non-compliance with AML regulations. But by following Best Practices, RMLOs can avoid those penalties and the reputational harm they can bring.